CVE-2013-1397

Symfony 2.0.x before 2.0.22, 2.1.x before 2.1.7, and 2.2.x remote attackers to execute arbitrary PHP code via a serialized PHP object to the (1) Yaml::parse or (2) Yaml\Parser::parse function, a different vulnerability than CVE-2013-1348.
Code Injection
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
7.5 UNKNOWN
NETWORK
LOW
AV:N/AC:L/Au:N/C:P/I:P/A:P
Base Score
CVSS 3.x
EPSS Score
Percentile: Unknown
Affected Products (NVD)
VendorProductVersion
sensiolabssymfony
2.0.0
sensiolabssymfony
2.0.1
sensiolabssymfony
2.0.2
sensiolabssymfony
2.0.3
sensiolabssymfony
2.0.4
sensiolabssymfony
2.0.5
sensiolabssymfony
2.0.6
sensiolabssymfony
2.0.7
sensiolabssymfony
2.0.8
sensiolabssymfony
2.0.9
sensiolabssymfony
2.0.10
sensiolabssymfony
2.0.11
sensiolabssymfony
2.0.12
sensiolabssymfony
2.0.13
sensiolabssymfony
2.0.14
sensiolabssymfony
2.0.15
sensiolabssymfony
2.0.16
sensiolabssymfony
2.0.17
sensiolabssymfony
2.0.18
sensiolabssymfony
2.0.19
sensiolabssymfony
2.0.20
sensiolabssymfony
2.0.21
sensiolabssymfony
2.1.0
sensiolabssymfony
2.1.1
sensiolabssymfony
2.1.2
sensiolabssymfony
2.1.3
sensiolabssymfony
2.1.4
sensiolabssymfony
2.1.5
sensiolabssymfony
2.1.6
sensiolabssymfony
2.2.0
sensiolabssymfony
2.2.1
sensiolabssymfony
2.2.2
sensiolabssymfony
2.2.3
sensiolabssymfony
2.2.4
sensiolabssymfony
2.2.5
sensiolabssymfony
2.2.6
sensiolabssymfony
2.2.8
sensiolabssymfony
2.2.9
sensiolabssymfony
2.2.10
sensiolabssymfony
2.2.11
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://secunia.com/advisories/51980
http://symfony.com/blog/security-release-symfony-2-0-22-and-2-1-7-released
http://www.securityfocus.com/bid/57574
https://exchange.xforce.ibmcloud.com/vulnerabilities/81551
http://secunia.com/advisories/51980
http://symfony.com/blog/security-release-symfony-2-0-22-and-2-1-7-released
http://www.securityfocus.com/bid/57574
https://exchange.xforce.ibmcloud.com/vulnerabilities/81551